diff --git a/.env.example b/.env.example index 4bf6b305..cf01e616 100644 --- a/.env.example +++ b/.env.example @@ -1,3 +1,4 @@ SECRET_KEY_BASE= IMAP_SERVER= DEFAULT_FROM= +DEVISE_PEPPER= diff --git a/.rubocop.yml b/.rubocop.yml index febceec0..980b6f08 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -12,3 +12,7 @@ Metrics/MethodLength: Exclude: - 'db/schema.rb' - 'db/migrate/*.rb' + +Metrics/BlockLength: + Exclude: + - 'config/initializers/devise.rb' diff --git a/Gemfile b/Gemfile index 0a0406f6..578a8aea 100644 --- a/Gemfile +++ b/Gemfile @@ -22,9 +22,11 @@ gem 'uglifier', '>= 1.3.0' # See https://github.com/rails/execjs#readme for more supported runtimes # gem 'therubyracer', platforms: :ruby -# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks +# Turbolinks makes navigating your web application faster. Read more: +# https://github.com/turbolinks/turbolinks gem 'turbolinks', '~> 5' -# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder +# Build JSON APIs with ease. Read more: +# https://github.com/rails/jbuilder gem 'jbuilder', '~> 2.5' # Use ActiveModel has_secure_password gem 'bcrypt', '~> 3.1.7' @@ -37,6 +39,8 @@ gem 'carrierwave' gem 'carrierwave-bombshelter' gem 'carrierwave-i18n' gem 'commonmarker' +gem 'devise' +gem 'devise-i18n' gem 'email_address' gem 'exception_notification' gem 'font-awesome-rails' 
@@ -56,10 +60,12 @@ group :development, :test do end group :development do - # Access an IRB console on exception pages or by using <%= console %> anywhere in the code. + # Access an IRB console on exception pages or by using <%= console %> + # anywhere in the code. gem 'listen', '>= 3.0.5', '< 3.2' gem 'web-console', '>= 3.3.0' - # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring + # Spring speeds up development by keeping your application running in + # the background. Read more: https://github.com/rails/spring gem 'bcrypt_pbkdf' gem 'capistrano' gem 'capistrano-bundler' diff --git a/Gemfile.lock b/Gemfile.lock index 49fb3deb..a9572c06 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -98,6 +98,14 @@ GEM ruby-enum (~> 0.5) concurrent-ruby (1.1.5) crass (1.0.4) + devise (4.6.2) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 6.0) + responders + warden (~> 1.2.3) + devise-i18n (1.8.0) + devise (>= 4.6) dotenv (2.7.2) dotenv-rails (2.7.2) dotenv (= 2.7.2) @@ -200,6 +208,7 @@ GEM nio4r (2.3.1) nokogiri (1.10.2) mini_portile2 (~> 2.4.0) + orm_adapter (0.5.0) parallel (1.16.0) parser ( ast (~> 2.4.0) @@ -250,6 +259,9 @@ GEM ffi (~> 1.0) rbnacl (4.0.2) ffi + responders (3.0.0) + actionpack (>= 5.0) + railties (>= 5.0) rouge (3.3.0) rubocop (0.66.0) jaro_winkler (~> 1.5.1) @@ -347,6 +359,8 @@ DEPENDENCIES carrierwave-bombshelter carrierwave-i18n commonmarker + devise + devise-i18n dotenv-rails ed25519 email_address @@ -377,4 +391,4 @@ DEPENDENCIES whenever BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/app/views/devise/confirmations/new.haml b/app/views/devise/confirmations/new.haml new file mode 100644 index 00000000..cb4c1d7c --- /dev/null +++ b/app/views/devise/confirmations/new.haml 
@@ -0,0 +1,10 @@ +%h2= t('.resend_confirmation_instructions') += form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) + .actions + = f.submit t('.resend_confirmation_instructions') += render "devise/shared/links" diff --git a/app/views/devise/mailer/confirmation_instructions.haml b/app/views/devise/mailer/confirmation_instructions.haml new file mode 100644 index 00000000..46706c40 --- /dev/null +++ b/app/views/devise/mailer/confirmation_instructions.haml @@ -0,0 +1,3 @@ +%p= t('.greeting', recipient: @email) +%p= t('.instruction') +%p= link_to t('.action'), confirmation_url(@resource, confirmation_token: @token) diff --git a/app/views/devise/mailer/email_changed.haml b/app/views/devise/mailer/email_changed.haml new file mode 100644 index 00000000..8ae4d38a --- /dev/null +++ b/app/views/devise/mailer/email_changed.haml @@ -0,0 +1,5 @@ +%p= t('.greeting', recipient: @email) +- if @resource.try(:unconfirmed_email?) + %p= t('.message', email: @resource.unconfirmed_email) +- else + %p= t('.message', email: @resource.email) diff --git a/app/views/devise/mailer/password_change.haml b/app/views/devise/mailer/password_change.haml new file mode 100644 index 00000000..ebb43d00 --- /dev/null +++ b/app/views/devise/mailer/password_change.haml @@ -0,0 +1,2 @@ +%p= t('.greeting', recipient: @resource.email) +%p= t('.message') diff --git a/app/views/devise/mailer/reset_password_instructions.haml b/app/views/devise/mailer/reset_password_instructions.haml new file mode 100644 index 00000000..ccc4aa55 --- /dev/null +++ b/app/views/devise/mailer/reset_password_instructions.haml 
@@ -0,0 +1,5 @@ +%p= t('.greeting', recipient: @resource.email) +%p= t('.instruction') +%p= link_to t('.action'), edit_password_url(@resource, reset_password_token: @token) +%p= t('.instruction_2') +%p= t('.instruction_3') diff --git a/app/views/devise/mailer/unlock_instructions.haml b/app/views/devise/mailer/unlock_instructions.haml new file mode 100644 index 00000000..d68bf7c7 --- /dev/null +++ b/app/views/devise/mailer/unlock_instructions.haml @@ -0,0 +1,4 @@ +%p= t('.greeting', recipient: @resource.email) +%p= t('.message') +%p= t('.instruction') +%p= link_to t('.action'), unlock_url(@resource, unlock_token: @token) diff --git a/app/views/devise/passwords/edit.haml b/app/views/devise/passwords/edit.haml new file mode 100644 index 00000000..f492ff89 --- /dev/null +++ b/app/views/devise/passwords/edit.haml @@ -0,0 +1,18 @@ +%h2= t('.change_your_password') += form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| + = render "devise/shared/error_messages", resource: resource + = f.hidden_field :reset_password_token + .field + = f.label :password, t('.new_password') + %br/ + - if @minimum_password_length + %em= t('devise.shared.minimum_password_length', count: @minimum_password_length) + %br/ + = f.password_field :password, autofocus: true, autocomplete: "new-password" + .field + = f.label :password_confirmation, t('.confirm_new_password') + %br/ + = f.password_field :password_confirmation, autocomplete: "off" + .actions + = f.submit t('.change_my_password') += render "devise/shared/links" diff --git a/app/views/devise/passwords/new.haml b/app/views/devise/passwords/new.haml new file mode 100644 index 00000000..39936f3d --- /dev/null +++ b/app/views/devise/passwords/new.haml 
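Review bot: In passwords/edit.haml the confirmation field is rendered with `autocomplete: "off"` while the `:password` field two lines above it, and both password fields in the registration views added by this commit, use `autocomplete: "new-password"`. Browsers and password managers handle `"off"` inconsistently (it is often ignored), so the two fields of the same form should carry the same hint: `= f.password_field :password_confirmation, autocomplete: "new-password"`.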
@@ -0,0 +1,10 @@ +%h2= t('.forgot_your_password') += form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .actions + = f.submit t('.send_me_reset_password_instructions') += render "devise/shared/links" diff --git a/app/views/devise/registrations/edit.haml b/app/views/devise/registrations/edit.haml new file mode 100644 index 00000000..9b7f4f00 --- /dev/null +++ b/app/views/devise/registrations/edit.haml @@ -0,0 +1,35 @@ +%h2= t('.title', resource: resource.model_name.human) += form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + - if devise_mapping.confirmable? && resource.pending_reconfirmation? + %div= t('.currently_waiting_confirmation_for_email', email: resource.unconfirmed_email) + .field + = f.label :password + %i + (#{t('.leave_blank_if_you_don_t_want_to_change_it')}) + %br/ + = f.password_field :password, autocomplete: "new-password" + - if @minimum_password_length + %br/ + %em= t('devise.shared.minimum_password_length', count: @minimum_password_length) + .field + = f.label :password_confirmation + %br/ + = f.password_field :password_confirmation, autocomplete: "new-password" + .field + = f.label :current_password + %i + (#{t('.we_need_your_current_password_to_confirm_your_changes')}) + %br/ + = f.password_field :current_password, autocomplete: "current-password" + .actions + = f.submit t('.update') +%h3= t('.cancel_my_account') +%p + = t('.unhappy') + = button_to t('.cancel_my_account'), registration_path(resource_name), data: { confirm: t('.are_you_sure') }, method: :delete += link_to t('devise.shared.links.back'), :back 
diff --git a/app/views/devise/registrations/new.haml b/app/views/devise/registrations/new.haml new file mode 100644 index 00000000..21fec96c --- /dev/null +++ b/app/views/devise/registrations/new.haml @@ -0,0 +1,20 @@ +%h2= t('.sign_up') += form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .field + = f.label :password + - if @minimum_password_length + %em= t('devise.shared.minimum_password_length', count: @minimum_password_length) + %br/ + = f.password_field :password, autocomplete: "new-password" + .field + = f.label :password_confirmation + %br/ + = f.password_field :password_confirmation, autocomplete: "new-password" + .actions + = f.submit t('.sign_up') += render "devise/shared/links" diff --git a/app/views/devise/sessions/new.haml b/app/views/devise/sessions/new.haml new file mode 100644 index 00000000..625e380f --- /dev/null +++ b/app/views/devise/sessions/new.haml @@ -0,0 +1,17 @@ +%h2= t('.sign_in') += form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .field + = f.label :password + %br/ + = f.password_field :password, autocomplete: "current-password" + - if devise_mapping.rememberable? + .field + = f.check_box :remember_me + = f.label :remember_me + .actions + = f.submit t('.sign_in') += render "devise/shared/links" diff --git a/app/views/devise/shared/_error_messages.haml b/app/views/devise/shared/_error_messages.haml new file mode 100644 index 00000000..a921fd61 --- /dev/null +++ b/app/views/devise/shared/_error_messages.haml 
@@ -0,0 +1,9 @@ +- if resource.errors.any? + #error_explanation + %h2 + = I18n.t("errors.messages.not_saved", | + count: resource.errors.count, | + resource: resource.class.model_name.human.downcase) | + %ul + - resource.errors.full_messages.each do |message| + %li= message diff --git a/app/views/devise/shared/_links.haml b/app/views/devise/shared/_links.haml new file mode 100644 index 00000000..5577592e --- /dev/null +++ b/app/views/devise/shared/_links.haml @@ -0,0 +1,19 @@ +- if controller_name != 'sessions' + = link_to t(".sign_in"), new_session_path(resource_name) + %br/ +- if devise_mapping.registerable? && controller_name != 'registrations' + = link_to t(".sign_up"), new_registration_path(resource_name) + %br/ +- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' + = link_to t(".forgot_your_password"), new_password_path(resource_name) + %br/ +- if devise_mapping.confirmable? && controller_name != 'confirmations' + = link_to t('.didn_t_receive_confirmation_instructions'), new_confirmation_path(resource_name) + %br/ +- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' + = link_to t('.didn_t_receive_unlock_instructions'), new_unlock_path(resource_name) + %br/ +- if devise_mapping.omniauthable? + - resource_class.omniauth_providers.each do |provider| + = link_to t('.sign_in_with_provider', provider: OmniAuth::Utils.camelize(provider)), omniauth_authorize_path(resource_name, provider) + %br/ diff --git a/app/views/devise/unlocks/new.haml b/app/views/devise/unlocks/new.haml new file mode 100644 index 00000000..f3816151 --- /dev/null +++ b/app/views/devise/unlocks/new.haml 
@@ -0,0 +1,10 @@ +%h2= t('.resend_unlock_instructions') += form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| + = render "devise/shared/error_messages", resource: resource + .field + = f.label :email + %br/ + = f.email_field :email, autofocus: true, autocomplete: "email" + .actions + = f.submit t('.resend_unlock_instructions') += render "devise/shared/links" diff --git a/app/views/layouts/mailer.haml b/app/views/layouts/mailer.haml new file mode 100644 index 00000000..cbf6b8e2 --- /dev/null +++ b/app/views/layouts/mailer.haml @@ -0,0 +1,8 @@ +!!! +%html + %head + %meta{:content => "text/html; charset=utf-8", "http-equiv" => "Content-Type"}/ + :css + /* Email styles need to be inline */ + %body + = yield diff --git a/app/views/layouts/mailer.html.erb b/app/views/layouts/mailer.html.erb deleted file mode 100644 index cbd34d2e..00000000 --- a/app/views/layouts/mailer.html.erb +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - <%= yield %> - - diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 00000000..256b37e1 --- /dev/null +++ b/config/initializers/devise.rb 
@@ -0,0 +1,336 @@ +# frozen_string_literal: true + +# Use this hook to configure devise mailer, warden hooks and so forth. +# Many of these configuration options can be set straight in your model. +Devise.setup do |config| + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. + # config.secret_key = '' + + # ==> Controller configuration + # Configure the parent class to the devise controllers. + # config.parent_controller = 'DeviseController' + + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in Devise::Mailer, + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = ENV['DEFAULT_FROM'] + + # Configure the class responsible to send e-mails. + # config.mailer = 'Devise::Mailer' + + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # + # Configure which keys are used when authenticating a user. The + # default is just :email. You can configure it to use [:username, + # :subdomain], so for authenticating a user, both parameters are + # required. Remember that those parameters are used only when + # authenticating and not when retrieving from session. If you need + # permissions, you should implement that in a before filter. 
You can + # also supply a hash where the value is a boolean determining whether + # or not authentication should be aborted when the value is not + # present. + # config.authentication_keys = [:email] + + # Configure parameters from the request object used for + # authentication. Each entry given should be a request method and it + # will automatically be passed to the find_for_authentication method + # and considered in your model lookup. For instance, if you set + # :request_keys to [:subdomain], :subdomain will be used on + # authentication. The same considerations mentioned for + # authentication_keys also apply to request_keys. + # config.request_keys = [] + + # Configure which authentication keys should be case-insensitive. + # These keys will be downcased upon creating or modifying a user and + # when used to authenticate or find a user. Default is :email. + config.case_insensitive_keys = [:email] + + # Configure which authentication keys should have whitespace stripped. + # These keys will have whitespace before and after removed upon + # creating or modifying a user and when used to authenticate or find a + # user. Default is :email. + config.strip_whitespace_keys = [:email] + + # Tell if authentication through request.params is enabled. True by + # default. It can be set to an array that will enable params + # authentication only for the given strategies, for example, + # `config.params_authenticatable = [:database]` will enable it only + # for database (email + password) authentication. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Auth is enabled. False by + # default. It can be set to an array that will enable http + # authentication only for the given strategies, for example, + # `config.http_authenticatable = [:database]` will enable it only for + # database authentication. 
The supported strategies are: :database + # = Support basic authentication with authentication key + password + # config.http_authenticatable = false + + # If 401 status code should be returned for AJAX requests. True by + # default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication. 'Application' by + # default. + # config.http_authentication_realm = 'Application' + + # It will change confirmation, password recovery and other workflows + # to behave the same regardless if the e-mail provided was right or + # wrong. Does not affect registerable. + # config.paranoid = true + + # By default Devise will store the user in session. You can skip + # storage for particular strategies by setting this option. + # Notice that if you are skipping storage for all authentication + # paths, you may want to disable generating routes to Devise's + # sessions controller by passing skip: :sessions to `devise_for` in + # your config/routes.rb + config.skip_session_storage = [:http_auth] + + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your + # application requires the Devise mappings to be loaded during boot + # time the application won't boot properly. + # config.reload_routes = true + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults + # to 11. If using other algorithms, it sets how many times you want + # the password to be hashed. + # + # Limiting the stretches to just one in testing will increase the + # performance of your test suite dramatically. 
However, it is STRONGLY + # RECOMMENDED to not use a value less than 10 in other environments. + # Note that, for bcrypt (the default algorithm), the cost increases + # exponentially with the number of stretches (e.g. a value of 20 is + # already extremely slow: approx. 60 seconds for 1 calculation). + config.stretches = Rails.env.test? ? 1 : 11 + + # Set up a pepper to generate the hashed password. + config.pepper = ENV['DEVISE_PEPPER'] + + # Send a notification to the original email when the user's email is + # changed. + config.send_email_changed_notification = true + + # Send a notification email when the user's password is changed. + config.send_password_change_notification = true + + # ==> Configuration for :confirmable + # A period that the user is allowed to access the website even without + # confirming their account. For instance, if set to 2.days, the user + # will be able to access the website for two days without confirming + # their account, access will be blocked just in the third day. + # You can also set it to nil, which will allow the user to access the + # website without confirming their account. + # Default is 0.days, meaning the user cannot access the website + # without confirming their account. + config.allow_unconfirmed_access_for = 2.days + + # A period that the user is allowed to confirm their account before + # their token becomes invalid. For example, if set to 3.days, the user + # can confirm their account within 3 days after the mail was sent, but + # on the fourth day their account can't be confirmed with the token + # any more. Default is nil, meaning there is no restriction on how + # long a user can take before confirming their account. + config.confirm_within = 3.days + + # If true, requires any email changes to be confirmed (exactly the + # same way as initial account confirmation) to be applied. Requires + # additional unconfirmed_email db field (see migrations). 
Until + # confirmed, new email is stored in unconfirmed_email column, and + # copied to email column on successful confirmation. + config.reconfirmable = true + + # Defines which key will be used when confirming an account + # config.confirmation_keys = [:email] + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials + # again. + # config.remember_for = 2.weeks + + # Invalidates all the remember me tokens when the user signs out. + config.expire_all_remember_me_on_sign_out = true + + # If true, extends the user's remember period when remembered via + # cookie. + # config.extend_remember_period = false + + # Options to be passed to the created cookie. For instance, you can + # set secure: true in order to force SSL only cookies. + # config.rememberable_options = {} + + # ==> Configuration for :validatable + # Range for password length. + config.password_length = 8..128 + + # Email regex used to validate email formats. It simply asserts that + # one (and only one) @ exists in the given string. This is mainly + # to give user feedback and not to assert the e-mail validity. + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. + # After this time the user will be asked for credentials again. + # Default is 30 minutes. + # config.timeout_in = 30.minutes + + # ==> Configuration for :lockable + # + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed + # attempts to sign in. + # :none = No lock strategy. You should handle locking by + # yourself. + config.lock_strategy = :failed_attempts + + # Defines which key will be used when locking and unlocking an account + # config.unlock_keys = [:email] + + # Defines which strategy will be used to unlock an account. 
+ # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see + # :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by + # yourself. + config.unlock_strategy = :both + + # Number of authentication tries before locking an account if + # lock_strategy is failed attempts. + config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as + # unlock_strategy. + config.unlock_in = 1.hour + + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = true + + # ==> Configuration for :recoverable + # + # Defines which key will be used when recovering the password for an + # account + # config.reset_password_keys = [:email] + + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + + # When set to false, does not sign a user in automatically after their + # password is reset. Defaults to true, so a user is signed in + # automatically after a reset. + config.sign_in_after_reset_password = true + + # ==> Configuration for :encryptable + # Allow you to use another hashing or encryption algorithm besides + # bcrypt (default). You can use :sha1, :sha512 or algorithms from + # others authentication tools as :clearance_sha1, :authlogic_sha512 + # (then you should set stretches above to 20 for default behavior) and + # :restful_authentication_sha1 (then you should set stretches to 10, + # and copy REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than + # bcrypt + # config.encryptor = :sha512 + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first + # check for "users/sessions/new". 
It's turned off by default because + # it's slower if you are using only default views. + # config.scoped_views = false + + # Configure the default scope given to Warden. By default it's the + # first devise role declared in your routes (usually :user). + # config.default_scope = :user + + # Set this configuration to false if you want /users/sign_out to sign + # out only the current scope. By default, Devise signs out all scopes. + # config.sign_out_all_scopes = true + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats + # like :html, should redirect to the sign in page when the user does + # not have access, but formats like :xml or :json, should return 401. + # + # If you have any extra navigational formats, like :iphone or :mobile, + # you should add them to the navigational formats lists. + # + # The "*/*" below is required to match Internet Explorer requests. + # config.navigational_formats = ['*/*', :html] + + # The default HTTP method used to sign out a resource. Default is + # :delete. + config.sign_out_via = :delete + + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on + # setting up on your models and hooks. + # + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: + # 'user,public_repo' + + # ==> Warden configuration + # + # If you want to use other strategies, that are not supported by + # Devise, or change the failure app, you can configure them inside the + # config.warden block. + # + # config.warden do |manager| + # manager.intercept_401 = false + # manager.default_strategies(scope: :user) + # .unshift :some_external_strategy + # end + + # ==> Mountable engine configurations + # + # When using Devise inside an engine, let's call it `MyEngine`, and + # this engine is mountable, there are some extra configurations to be + # taken into account. 
The following options are available, assuming + # the engine is mounted as: + # + # mount MyEngine, at: '/my_engine' + # + # The router that invoked `devise_for`, in the example above, would + # be: config.router_name = :my_engine + # + # When using OmniAuth, Devise cannot automatically set OmniAuth path, + # so you need to do it manually. For the users scope, it would be: + # config.omniauth_path_prefix = '/my_engine/users/auth' + + # ==> Turbolinks configuration + # + # If your app is using Turbolinks, Turbolinks::Controller needs to be + # included to make redirection work correctly: + ActiveSupport.on_load(:devise_failure_app) do + include Turbolinks::Controller + end + + # ==> Configuration for :registerable + # When set to false, does not sign a user in automatically after their + # password is changed. Defaults to true, so a user is signed in + # automatically after changing a password. + config.sign_in_after_change_password = true +end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 00000000..55617bdf --- /dev/null +++ b/config/locales/devise.en.yml 
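Review bot: `config.pepper = ENV['DEVISE_PEPPER']` degrades silently when the variable is unset — Devise appends the pepper to the password only when it is present — so a deployment that misses the new `.env` entry (which `.env.example` ships with an empty value) hashes every password without a pepper and raises no error, and introducing the pepper later invalidates all stored hashes. Failing at boot is the safer default: `config.pepper = ENV.fetch('DEVISE_PEPPER')`, and the same reasoning applies to `config.mailer_sender = ENV['DEFAULT_FROM']`. Separately, `config.paranoid` is left commented out although confirmable, recoverable and lockable are all configured here; without it the confirmation, password-reset and unlock forms reveal whether an e-mail address is registered, which is exactly what the `send_paranoid_instructions` locale strings added in this commit exist to avoid — consider `config.paranoid = true`. The hunk is a single 336-line `Devise.setup` block, so these settings sit far apart but are part of the same configuration.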
@@ -0,0 +1,65 @@ +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n + +en: + devise: + confirmations: + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid %{authentication_keys} or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid %{authentication_keys} or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your email address before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock instructions" + email_changed: + subject: "Email Changed" + password_change: + subject: "Password Changed" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." 
+ updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." + registrations: + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." + updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." 
+ errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/devise.views.en.yml b/config/locales/devise.views.en.yml new file mode 100644 index 00000000..aa0697c2 --- /dev/null +++ b/config/locales/devise.views.en.yml 
@@ -0,0 +1,146 @@
+en:
+ activerecord:
+ attributes:
+ user:
+ confirmation_sent_at: Confirmation sent at
+ confirmation_token: Confirmation token
+ confirmed_at: Confirmed at
+ created_at: Created at
+ current_password: Current password
+ current_sign_in_at: Current sign in at
+ current_sign_in_ip: Current sign in IP
+ email: Email
+ encrypted_password: Encrypted password
+ failed_attempts: Failed attempts
+ last_sign_in_at: Last sign in at
+ last_sign_in_ip: Last sign in IP
+ locked_at: Locked at
+ password: Password
+ password_confirmation: Password confirmation
+ remember_created_at: Remember created at
+ remember_me: Remember me
+ reset_password_sent_at: Reset password sent at
+ reset_password_token: Reset password token
+ sign_in_count: Sign in count
+ unconfirmed_email: Unconfirmed email
+ unlock_token: Unlock token
+ updated_at: Updated at
+ models:
+ user:
+ one: User
+ other: Users
+ devise:
+ confirmations:
+ confirmed: Your email address has been successfully confirmed.
+ new:
+ resend_confirmation_instructions: Resend confirmation instructions
+ send_instructions: You will receive an email with instructions for how to confirm your email address in a few minutes.
+ send_paranoid_instructions: If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes.
+ failure:
+ already_authenticated: You are already signed in.
+ inactive: Your account is not activated yet.
+ invalid: Invalid %{authentication_keys} or password.
+ last_attempt: You have one more attempt before your account is locked.
+ locked: Your account is locked.
+ not_found_in_database: Invalid %{authentication_keys} or password.
+ timeout: Your session expired. Please sign in again to continue.
+ unauthenticated: You need to sign in or sign up before continuing.
+ unconfirmed: You have to confirm your email address before continuing.
+ mailer:
+ confirmation_instructions:
+ action: Confirm my account
+ greeting: Welcome %{recipient}!
+ instruction: 'You can confirm your account email through the link below:'
+ subject: Confirmation instructions
+ email_changed:
+ greeting: Hello %{recipient}!
+ message: We're contacting you to notify you that your email has been changed to %{email}.
+ subject: Email Changed
+ password_change:
+ greeting: Hello %{recipient}!
+ message: We're contacting you to notify you that your password has been changed.
+ subject: Password Changed
+ reset_password_instructions:
+ action: Change my password
+ greeting: Hello %{recipient}!
+ instruction: Someone has requested a link to change your password. You can do this through the link below.
+ instruction_2: If you didn't request this, please ignore this email.
+ instruction_3: Your password won't change until you access the link above and create a new one.
+ subject: Reset password instructions
+ unlock_instructions:
+ action: Unlock my account
+ greeting: Hello %{recipient}!
+ instruction: 'Click the link below to unlock your account:'
+ message: Your account has been locked due to an excessive number of unsuccessful sign in attempts.
+ subject: Unlock instructions
+ omniauth_callbacks:
+ failure: Could not authenticate you from %{kind} because "%{reason}".
+ success: Successfully authenticated from %{kind} account.
+ passwords:
+ edit:
+ change_my_password: Change my password
+ change_your_password: Change your password
+ confirm_new_password: Confirm new password
+ new_password: New password
+ new:
+ forgot_your_password: Forgot your password?
+ send_me_reset_password_instructions: Send me reset password instructions
+ no_token: You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided.
+ send_instructions: You will receive an email with instructions on how to reset your password in a few minutes.
+ send_paranoid_instructions: If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.
+ updated: Your password has been changed successfully. You are now signed in.
+ updated_not_active: Your password has been changed successfully.
+ registrations:
+ destroyed: Bye! Your account has been successfully cancelled. We hope to see you again soon.
+ edit:
+ are_you_sure: Are you sure?
+ cancel_my_account: Cancel my account
+ currently_waiting_confirmation_for_email: 'Currently waiting confirmation for: %{email}'
+ leave_blank_if_you_don_t_want_to_change_it: leave blank if you don't want to change it
+ title: Edit %{resource}
+ unhappy: Unhappy?
+ update: Update
+ we_need_your_current_password_to_confirm_your_changes: we need your current password to confirm your changes
+ new:
+ sign_up: Sign up
+ signed_up: Welcome! You have signed up successfully.
+ signed_up_but_inactive: You have signed up successfully. However, we could not sign you in because your account is not yet activated.
+ signed_up_but_locked: You have signed up successfully. However, we could not sign you in because your account is locked.
+ signed_up_but_unconfirmed: A message with a confirmation link has been sent to your email address. Please follow the link to activate your account.
+ update_needs_confirmation: You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address.
+ updated: Your account has been updated successfully.
+ updated_but_not_signed_in: Your account has been updated successfully, but since your password was changed, you need to sign in again
+ sessions:
+ already_signed_out: Signed out successfully.
+ new:
+ sign_in: Log in
+ signed_in: Signed in successfully.
+ signed_out: Signed out successfully.
+ shared:
+ links:
+ back: Back
+ didn_t_receive_confirmation_instructions: Didn't receive confirmation instructions?
+ didn_t_receive_unlock_instructions: Didn't receive unlock instructions?
+ forgot_your_password: Forgot your password?
+ sign_in: Log in
+ sign_in_with_provider: Sign in with %{provider}
+ sign_up: Sign up
+ minimum_password_length:
+ one: "(%{count} character minimum)"
+ other: "(%{count} characters minimum)"
+ unlocks:
+ new:
+ resend_unlock_instructions: Resend unlock instructions
+ send_instructions: You will receive an email with instructions for how to unlock your account in a few minutes.
+ send_paranoid_instructions: If your account exists, you will receive an email with instructions for how to unlock it in a few minutes.
+ unlocked: Your account has been unlocked successfully. Please sign in to continue.
+ errors:
+ messages:
+ already_confirmed: was already confirmed, please try signing in
+ confirmation_period_expired: needs to be confirmed within %{period}, please request a new one
+ expired: has expired, please request a new one
+ not_found: not found
+ not_locked: was not locked
+ not_saved:
+ one: '1 error prohibited this %{resource} from being saved:'
+ other: "%{count} errors prohibited this %{resource} from being saved:"
diff --git a/config/locales/devise.views.es.yml b/config/locales/devise.views.es.yml
new file mode 100644
index 00000000..4a631e8b
--- /dev/null
+++ b/config/locales/devise.views.es.yml
@@ -0,0 +1,146 @@
+es:
+ activerecord:
+ attributes:
+ user:
+ confirmation_sent_at: Confirmación enviada a
+ confirmation_token: Código de confirmación
+ confirmed_at: Confirmado en
+ created_at: Creado en
+ current_password: Contraseña actual
+ current_sign_in_at: Fecha del ingreso actual
+ current_sign_in_ip: IP del ingreso actual
+ email: Email
+ encrypted_password: Contraseña cifrada
+ failed_attempts: Intentos fallidos
+ last_sign_in_at: Fecha del último ingreso
+ last_sign_in_ip: IP del último inicio
+ locked_at: Fecha de bloqueo
+ password: Contraseña
+ password_confirmation: Confirmación de la contraseña
+ remember_created_at: Fecha de 'Recordarme'
+ remember_me: Recordarme
+ reset_password_sent_at: Fecha de envío de código para contraseña
+ reset_password_token: Código para restablecer contraseña
+ sign_in_count: Cantidad de ingresos
+ unconfirmed_email: Email no confirmado
+ unlock_token: Código de desbloqueo
+ updated_at: Actualizado en
+ models:
+ user:
+ one: Usuario
+ other: Usuarios
+ devise:
+ confirmations:
+ confirmed: Tu cuenta ha sido confirmada satisfactoriamente.
+ new:
+ resend_confirmation_instructions: Reenviar instrucciones de confirmación
+ send_instructions: Vas a recibir un correo con instrucciones sobre cómo confirmar tu cuenta en unos minutos.
+ send_paranoid_instructions: Si tu correo existe en nuestra base de datos, en unos minutos recibirás un correo con instrucciones sobre cómo confirmar tu cuenta.
+ failure:
+ already_authenticated: Ya has iniciado sesión.
+ inactive: Tu cuenta aún no ha sido activada.
+ invalid: "%{authentication_keys} o contraseña inválidos."
+ last_attempt: Tienes un intento más antes de que tu cuenta sea bloqueada.
+ locked: Tu cuenta está bloqueada.
+ not_found_in_database: "%{authentication_keys} o contraseña inválidos."
+ timeout: Tu sesión expiró. Por favor, inicia sesión nuevamente para continuar.
+ unauthenticated: Tienes que iniciar sesión o registrarte para poder continuar.
+ unconfirmed: Tienes que confirmar tu cuenta para poder continuar.
+ mailer:
+ confirmation_instructions:
+ action: Confirmar mi cuenta
+ greeting: "¡Bienvenido %{recipient}!"
+ instruction: 'Usted puede confirmar el correo electrónico de su cuenta a través de este enlace:'
+ subject: Instrucciones de confirmación
+ email_changed:
+ greeting: "¡Hola %{recipient}! "
+ message: Estamos contactando contigo para notificarte que tu email ha sido cambiado a %{email}.
+ subject: Email cambiado
+ password_change:
+ greeting: Hola %{recipient}!
+ message: Le estamos contactando para notificarle que su contraseña ha sido cambiada.
+ subject: Contraseña cambiada
+ reset_password_instructions:
+ action: Cambiar mi contraseña
+ greeting: "¡Hola %{recipient}!"
+ instruction: Alguien ha solicitado un enlace para cambiar su contraseña, lo que se puede realizar a través del siguiente enlace.
+ instruction_2: Si usted no lo ha solicitado, por favor ignore este correo electrónico.
+ instruction_3: Su contraseña no será cambiada hasta que usted acceda al enlace y cree una nueva.
+ subject: Instrucciones de recuperación de contraseña
+ unlock_instructions:
+ action: Desbloquear mi cuenta
+ greeting: "¡Hola %{recipient}!"
+ instruction: 'Haga click en el siguiente enlace para desbloquear su cuenta:'
+ message: Su cuenta ha sido bloqueada debido a una cantidad excesiva de intentos infructuosos para ingresar.
+ subject: Instrucciones para desbloquear
+ omniauth_callbacks:
+ failure: No has sido autorizado en la cuenta %{kind} porque "%{reason}".
+ success: Has sido autorizado satisfactoriamente en la cuenta %{kind}.
+ passwords:
+ edit:
+ change_my_password: Cambiar mi contraseña
+ change_your_password: Cambie su contraseña
+ confirm_new_password: Confirme la nueva contraseña
+ new_password: Nueva contraseña
+ new:
+ forgot_your_password: "¿Ha olvidado su contraseña?"
+ send_me_reset_password_instructions: Envíeme las instrucciones para resetear mi contraseña
+ no_token: No puedes acceder a esta página si no es a través de un enlace para resetear tu contraseña. Si has llegado hasta aquí desde el email para resetear tu contraseña, por favor asegúrate de que la URL introducida está completa.
+ send_instructions: Recibirás un correo con instrucciones sobre cómo resetear tu contraseña en unos pocos minutos.
+ send_paranoid_instructions: Si tu correo existe en nuestra base de datos, recibirás un correo con instrucciones sobre cómo resetear tu contraseña en tu bandeja de entrada.
+ updated: Se ha cambiado tu contraseña. Ya iniciaste sesión.
+ updated_not_active: Tu contraseña fue cambiada.
+ registrations:
+ destroyed: "¡Adiós! Tu cuenta ha sido cancelada correctamente. Esperamos verte pronto."
+ edit:
+ are_you_sure: "¿Está usted seguro?"
+ cancel_my_account: Anular mi cuenta
+ currently_waiting_confirmation_for_email: 'Actualmente esperando la confirmacion de: %{email} '
+ leave_blank_if_you_don_t_want_to_change_it: dejar en blanco si no desea cambiarlo
+ title: Editar %{resource}
+ unhappy: "¿Disconforme?"
+ update: Actualizar
+ we_need_your_current_password_to_confirm_your_changes: necesitamos su contraseña actual para confirmar los cambios
+ new:
+ sign_up: Registrarse
+ signed_up: Bienvenido. Tu cuenta fue creada.
+ signed_up_but_inactive: Tu cuenta ha sido creada correctamente. Sin embargo, no hemos podido iniciar la sesión porque tu cuenta aún no está activada.
+ signed_up_but_locked: Tu cuenta ha sido creada correctamente. Sin embargo, no hemos podido iniciar la sesión porque que tu cuenta está bloqueada.
+ signed_up_but_unconfirmed: Se ha enviado un mensaje con un enlace de confirmación a tu correo electrónico. Abre el enlace para activar tu cuenta.
+ update_needs_confirmation: Has actualizado tu cuenta correctamente, pero es necesario confirmar tu nuevo correo electrónico. Por favor, comprueba tu correo y sigue el enlace de confirmación para finalizar la comprobación del nuevo correo electrónico.
+ updated: Tu cuenta se ha actualizado.
+ updated_but_not_signed_in:
+ sessions:
+ already_signed_out: Sesión finalizada.
+ new:
+ sign_in: Iniciar sesión
+ signed_in: Sesión iniciada.
+ signed_out: Sesión finalizada.
+ shared:
+ links:
+ back: Atrás
+ didn_t_receive_confirmation_instructions: "¿No ha recibido las instrucciones de confirmación?"
+ didn_t_receive_unlock_instructions: "¿No ha recibido instrucciones para desbloquear?"
+ forgot_your_password: "¿Ha olvidado su contraseña?"
+ sign_in: Iniciar sesión
+ sign_in_with_provider: Iniciar sesión con %{provider}
+ sign_up: Registrarse
+ minimum_password_length:
+ one: "(%{count} caractere como mínimo)"
+ other: "(%{count} caracteres como mínimo)"
+ unlocks:
+ new:
+ resend_unlock_instructions: Reenviar instrucciones para desbloquear
+ send_instructions: Vas a recibir instrucciones para desbloquear tu cuenta en unos pocos minutos.
+ send_paranoid_instructions: Si tu cuenta existe, vas a recibir instrucciones para desbloquear tu cuenta en unos pocos minutos.
+ unlocked: Tu cuenta ha sido desbloqueada. Ya puedes iniciar sesión.
+ errors:
+ messages:
+ already_confirmed: ya ha sido confirmada, por favor intenta iniciar sesión
+ confirmation_period_expired: necesita confirmarse dentro de %{period}, por favor solicita una nueva
+ expired: ha expirado, por favor solicita una nueva
+ not_found: no se ha encontrado
+ not_locked: no estaba bloqueada
+ not_saved:
+ one: 'Ocurrió un error al tratar de guardar %{resource}:'
+ other: 'Ocurrieron %{count} errores al tratar de guardar %{resource}:'
diff --git a/doc/autenticacion.md b/doc/autenticacion.md
new file mode 100644
index 00000000..b83ed840
--- /dev/null
+++ b/doc/autenticacion.md
@@ -0,0 +1,23 @@
+# Autenticación de usuaries
+
+Estamos pasando de un modelo integrado donde Usuarias son usuaries de
+una red IMAP e Invitadxs son usuaries locales de la plataforma, a una
+más "monolítica" donde las cuentas se gestionan desde la plataforma
+misma.
+
+Entonces, Usuaria e Invitadx se fusionan y su diferencia es solo de
+privilegios sobre un sitio (puede hacer todo / solo puede cargar
+artículos y modificar los propios).
+
+No nos gusta la idea de implementar todo un sistema de privilegios,
+primero porque queremos que Sutty sea una plataforma democrática y
+segundo porque en nuestra experiencia nadie los usa y prefieren usar una
+cuenta de administración.
+
+La migración a Devise nos va a permitir tener recuperación de
+contraseñas, registro independiente, correos de bienvenida y varias
+cosas más.
+
+Planeamos que Sutty también sea un proveedor de oAuth, para poder
+integrarla con otras plataformas comunitarias
+(rocket.chat/mattermost.com principalmente).